China’s Mythos moment is coming. After Anthropic announced Mythos, a model capable of discovering thousands of zero-day vulnerabilities in every web browser and operating system back in May, last month Chinese AI startup Z.ai launched GLM-5.2, an open weight model which The Wall Street Journal suggested matched Mythos in some cybersecurity scenarios.

GLM-5.2 has caught the attention of cybersecurity researchers due to its performance on long-horizon tasks and AI coding. In fact, in one test, the model outperformed Claude Code on a vulnerability discovery task.

At the same time, in June, Chinese cybersecurity firm 360 Security Technology announced Tulongfeng, a multi-agent swarm system which founder Zhou Hongyi claimed was “China’s version of Mythos,” capable of automatically discovering software vulnerabilities.

However, while there is little evidence to suggest that tools like GLM-5.2 and Tulongfeng have approached Mythos’ reasoning and offensive capabilities, that day is coming. For instance, researchers from autonomous offensive security platform XBOW found that GLM didn’t beat Mythos, but demonstrated a “good enough” offensive capability at a low enough price point to impact the threat landscape.

How Much Risk Do Chinese Open Source Models Present?

The U.S. government appears to be deeply concerned about the development of Chinese AI models, with the White House recently imposing export controls on Anthropic’s Mythos due to concerns that a China-linked group had accessed the model. This indicates that cyber-permissive open source models could also constitute national security concerns to the U.S.

At this stage in development, the biggest risk presented by models like GLM-5.2 comes in the form of misuse by end users. Users can download and run GLM-5.2 on local hardware, without the oversight and content moderation that frontier AI models from OpenAI and Anthropic have, which leaves more opportunity for malicious activity.

For instance, powerful U.S. models like Mythos and OpenAI’s GPT-5.5 Cyber are restricted to selected organizations and researchers under Project Glasswing and Trusted Access for Cyber. Cyber-permissive open source and open weight models simply don’t have this kind of gatekeeping in place, leaving them more open to misuse.

Mayank Upadhyay, chief security and trust officer of AI data cloud provider Snowflake, noted concerns not just about the vulnerability discovery capabilities of next generation AI models, but also about these capabilities moving to open source models.

“What I worry about is also that the capabilities of open source models are getting better and better,” Upadhyay told me in a video interview, referencing GLM 5.2 and its long horizon capabilities.”I worry about there being a window of time before which open source catches up.”

While frontier labs are keeping tools like Mythos and 5.5 Cyber in a relatively controlled environment, open source models are likely to increase the risk of exploitation in the future. “There’s a bit of a breathing room before the genie is out of the bottle, so use this breathing room to proactively find and fix as many things as you can,” Upadhyay said.

Dealing With Scalable Attacks

Now organizations need to be prepared to actively respond to a threat landscape where malicious actors can discover and exploit vulnerabilities faster with proprietary and open source models.

“For years, cyber defense has largely been a people problem. Organizations hired more security practitioners, deployed more tools, and built bigger security teams to keep up with growing threats. AI changes that equation,” Galina Antova, cofounder and CEO of agentic AI platform Kai, told me via email.

“It allows attackers to scale far more quickly while driving down the cost and effort required to identify and exploit vulnerabilities. Defenders can’t simply hire their way out of that imbalance,” Antova said.

Although it’s difficult to assess just how widespread the exploitation of AI vulnerability scanning is, Verizon’s Data Breach Investigations Report (DBIR) 2026 found that 31 percent of all breaches started with vulnerability exploitation, as exploitation of software flaws surpassed credentials for the first time.

As vulnerability exploitation rises, Antova argues that organizations need to assume the window between a vulnerability being discovered and actively exploited will continue to shrink, and warns that companies that continue to rely on fragmented tools and manual workflows will not be able to keep up.

“Tasks that once required security teams to manually investigate, prioritize, and respond increasingly need to happen at machine speed, with humans providing oversight for the decisions that matter most,” Antova said. “Organizations must provide security teams with AI tools that can take on repetitive work, reason through complex problems, and execute alongside human experts. That’s how defenders begin to operate at the same speed attackers are already moving.”

Time Is Running Out

Although AI has been used to enable cyberattacks such as phishing emails and deepfakes for years, the release of models with vulnerability discovery capabilities threatens to increase risk. Right now, organizations have some time to prepare before more powerful models are readily available.

“Restricted access buys time. It doesn’t buy safety and 360’s announcement proves it. The moment a capability like this exists, comparable versions follow. Defending around who has access to which model is the wrong frame. The real question is whether your security program can move at the speed these tools create,” Harman Kaur, CTO of autonomous IT company Tanium, told me via email.

“The Zero-Day Clock puts the median time from disclosure to exploitation at hours, and by Mandiant’s latest count, the mean time-to-exploit has gone negative. Attackers are weaponizing flaws before a patch exists. Most enterprise patch cycles still run 14 to 30 days. The window hasn’t just shrunk. It’s inverted,” Kaur said.

In a world where AI accelerates vulnerability discovery, companies need to patch faster to keep up. Cybersecurity fundamentals, like patching critical systems and software, will be essential going forward as these models come to market.

Share.
Leave A Reply

Exit mobile version